US hit by new ransomware attack

Independence Day celebrations ruined for victims as ransomware gang strikes again

Posted 5 July 2021 by Christine Horton

US businesses have been hit by another “colossal” ransomware attack.

It was revealed Friday that around 200 US firms have fallen victim after cybercriminals targeted IT company Kaseya.

Similar to the SolarWinds attack, the companies which were infected all used Kaseya’s IT management software.

Cybersecurity firm Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible. The gang was blamed by the FBI for a hack in May that paralysed operations at the world’s largest meat supplier, JBS. It was also linked to a co-ordinated attack on nearly two dozen local governments in Texas in 2019.

“This is a colossal and devastating supply chain attack,” Huntress Labs’ senior security researcher John Hammond said in an email to Reuters news agency.

Kaseya posted a statement on its website that said: “Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack.”

However, it said that due to its “fast response”, the attack has been localised “to a very small number of on-premises customers only.”

It continued: “Our security, support, R&D, communications, and customer teams continue to work around the clock in all geographies to resolve the issue and restore our customers to service.”

It is likely the breach was timed to coincide with the US’ Independence Day celebrations at the weekend.

The US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack.

Kaseya claims to have a presence in over 10 countries and more than 10,000 customers.

In its latest update, Kaseya said its executive committee had met on Sunday evening and decided that, to best minimise customer risk, more time was needed before bringing the datacentres back online. They will meet again today (Monday) with a goal of bringing them online by end of day.

“Once we have begun the SaaS Data Center restoration process (see SaaS Restoration Timeline Updates above), we will publish the schedule for distributing the patch for on-premises customers.”

Threat to MSPs and customers

Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), said last month that ransomware is escalating and becoming increasingly professionalised.

The attacks are particularly frightening to managed service providers (MSPs) as they weaponize remote monitoring and management (RMM) software. As such, the UK government is currently considering a new cybersecurity framework for MSPs to prevent third-party attacks.

At the G7 summit last month, leaders of the leading industrial nations agreed to take steps to tackle the problem. The summit’s final communique called on Russia to “hold to account those within its borders who conduct ransomware attacks” and said G7 nations would work together “to urgently address the escalating shared threat”.